Quick Start Security for AWS KMS
Coralogix Extension For AWS KMS Includes:
Alerts - 6
Stay on top of AWS KMS key performance metrics. Keep everyone in the know with integration with Slack, PagerDuty and more.
Multiple keys created
This alert triggers when someone creates more than 5 new KMS keys in a time period of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a KMS key is created, it can provide access to different assets in the AWS environment.
Impact: Access can be granted to unnecessary assets.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, disable or delete the relevant key/s. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
New Key created
This alert triggers when someone creates a new KMS key. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a KMS key is created, it can provide access to different assets in the AWS environment.
Impact: Access can be granted to unnecessary assets.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, disable or delete the relevant key. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
Multiple KMS keys scheduled deletion
This alert triggers when someone schedules deletion for more than 5 KMS keys in a time period of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a key is deleted, the services associated with this key might lose access to different places in AWS, which can impact business continuity.
Impact: Services will lose the ability to access different assets in AWS.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, stop the deletion process. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
KMS key scheduled deletion
This alert triggers when someone schedules deletion for a KMS key. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a key is deleted, the services associated with this key might lose access to different places in AWS, which can impact business continuity.
Impact: Services will lose the ability to access different assets in AWS.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, stop the deletion process. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
KMS key disabled
This alert triggers when a KMS key is disabled. KMS keys are used to encrypt data and provide access for different services in the AWS environment. Once a key is disabled, the services associated with this key might lose access to various services in AWS, which can impact business continuity.
Impact: Services will lose access to different assets in AWS.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, re-enable the relevant key. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
Multiple KMS keys disabled
This alert triggers when someone disables more than 5 KMS keys in an interval of 10 minutes. KMS keys are used to encrypt data and provide access for different services to different places in the AWS environment. Once a key is disabled, the services associated with this key might lose access to different places in AWS, which can impact business continuity.
Impact: Services will lose the ability to access different assets in AWS.
Mitigation: Confirm with the relevant user the reason for this activity. If needed, re-enable the relevant key/s. If needed, further investigate according to company policy.
MITRE Tactic: TA0040
MITRE Technique: T1486
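The three "multiple keys" alerts above share one rule shape: more than 5 events of one kind within 10 minutes. The following is an added example of that sliding-window logic, not Coralogix's own rule definition. It assumes the input is CloudTrail records for the KMS API actions CreateKey, ScheduleKeyDeletion and DisableKey, and it counts per calling identity, which is an assumption about how "someone" is scoped. The sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # page: "a time period of 10 minutes"
THRESHOLD = 5                    # page: alert on "more than 5" events
WATCHED = {"CreateKey", "ScheduleKeyDeletion", "DisableKey"}  # KMS API actions

def parse_time(ts):
    # CloudTrail eventTime is ISO 8601 in UTC, e.g. 2024-01-01T12:00:00Z
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")

def detect_bursts(records):
    """Return one (actor, eventName, count, eventTime) tuple each time an actor's
    count of a watched action inside WINDOW first rises above THRESHOLD."""
    windows = defaultdict(deque)   # (actor, eventName) -> timestamps in window
    firing = set()                 # keys already above threshold (de-duplication)
    alerts = []
    for rec in sorted(records, key=lambda r: parse_time(r["eventTime"])):
        if rec.get("eventSource") != "kms.amazonaws.com":
            continue
        if rec.get("eventName") not in WATCHED or "errorCode" in rec:
            continue               # assumption: failed calls are not counted
        key = (rec["userIdentity"]["arn"], rec["eventName"])
        now = parse_time(rec["eventTime"])
        q = windows[key]
        q.append(now)
        while now - q[0] >= WINDOW:    # drop events that left the window
            q.popleft()
        if len(q) > THRESHOLD:
            if key not in firing:
                firing.add(key)
                alerts.append((key[0], key[1], len(q), rec["eventTime"]))
        else:
            firing.discard(key)        # re-arm once the burst has subsided
    return alerts

def sample_records():
    # Constructed CloudTrail-style records (not real logs).
    def ev(name, minute, user):
        return {"eventTime": f"2024-01-01T12:{minute:02d}:00Z",
                "eventSource": "kms.amazonaws.com", "eventName": name,
                "userIdentity": {"arn": f"arn:aws:iam::111122223333:user/{user}"}}
    burst = [ev("DisableKey", m, "alice") for m in range(6)]           # 6 in 5 min
    slow = [ev("CreateKey", m * 6, "bob") for m in range(6)]           # 6 in 30 min
    exact = [ev("ScheduleKeyDeletion", m, "carol") for m in range(5)]  # exactly 5
    return burst + slow + exact

if __name__ == "__main__":
    print(detect_bursts(sample_records()))
```

Only the first actor trips the rule: exactly 5 events stays below "more than 5", and 6 events spread over 30 minutes never share a 10-minute window.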
Integration
Learn more about Coralogix's out-of-the-box integration with AWS KMS in our documentation.